Statutes, codes, and regulations
Oregon Administrative Code
Chapter 291 - DEPARTMENT OF CORRECTIONS
Division 5 - NETWORK INFORMATION SYSTEM ACCESS AND SECURITY
Section 291-005-0055 - User Password Management and Responsibilities

Or. Admin. Code § 291-005-0055

Download
PDF
Current through Register Vol. 64, No. 1, January 1, 2025
Section 291-005-0055 - User Password Management and Responsibilities
(1) Authorized users shall comply with the following rules to create and manage their passwords:
(a) All user accounts shall be protected by use of a password. This password shall be generated by and known only to the individual user.
(b) The Department of Corrections ISO shall determine password characteristics.
(2) Password Duration: All user passwords shall be subject to automatic retirement at a maximum set time period in the standards and guidelines. Authorized users may change passwords as often as they wish during this period and are encouraged to do so.
(3) Password Violation: Violation of these rules is a disciplinary matter with consequences up to and including dismissal.
(4) A user account shall be automatically disabled when there have been more than five consecutive invalid logon attempts by a user during a 120-minute time period.
(5) The Department of Corrections ISO or designee may re-enable a disabled password.

Or. Admin. Code § 291-005-0055

CD-24-1992, f. 11-24-92, cert. ef. 12-1-92; CD 10-1997, f. & cert. ef. 6-20-97; DOC 16-1999, f. 9-24-99, cert. ef. 10-1-99; DOC 5-2024, amend filed 04/29/2024, effective 4/29/2024

Statutory/Other Authority: ORS 179.040, 423.020, 423.030 & 423.075

Statutes/Other Implemented: ORS 179.040, 423.020, 423.030 & 423.075